/***************************************************************************
- * Copyright (C) 2005-2016 by the Quassel Project *
+ * Copyright (C) 2005-2018 by the Quassel Project *
* devel@quassel-irc.org *
* *
* This program is free software; you can redistribute it and/or modify *
#endif
#include <QDateTime>
-#include <QFile>
-#include "logger.h"
#include "quassel.h"
+#include "logmessage.h"
#ifdef HAVE_SSL
quWarning()
<< "SslServer: Unable to set certificate file\n"
<< " Quassel Core will still work, but cannot provide SSL for client connections.\n"
- << " Please see http://quassel-irc.org/faq/cert to learn how to enable SSL support.";
+ << " Please see https://quassel-irc.org/faq/cert to learn how to enable SSL support.";
sslWarningShown = true;
}
}
QTcpSocket *SslServer::nextPendingConnection()
{
if (_pendingConnections.isEmpty())
- return 0;
+ return nullptr;
else
return _pendingConnections.takeFirst();
}
-#if QT_VERSION >= 0x050000
+
void SslServer::incomingConnection(qintptr socketDescriptor)
-#else
-void SslServer::incomingConnection(int socketDescriptor)
-#endif
{
QSslSocket *serverSocket = new QSslSocket(this);
if (serverSocket->setSocketDescriptor(socketDescriptor)) {
quWarning()
<< "SslServer: Unable to reload certificate file, reverting\n"
<< " Quassel Core will use the previous key to provide SSL for client connections.\n"
- << " Please see http://quassel-irc.org/faq/cert to learn how to enable SSL support.";
+ << " Please see https://quassel-irc.org/faq/cert to learn how to enable SSL support.";
} else {
quWarning()
<< "SslServer: Unable to reload certificate file\n"
<< " Quassel Core will still work, but cannot provide SSL for client connections.\n"
- << " Please see http://quassel-irc.org/faq/cert to learn how to enable SSL support.";
+ << " Please see https://quassel-irc.org/faq/cert to learn how to enable SSL support.";
}
return false;
}
return false;
}
- untestedKey = QSslKey(&keyFile, QSsl::Rsa);
+ untestedKey = loadKey(&keyFile);
keyFile.close();
} else {
- untestedKey = QSslKey(&certFile, QSsl::Rsa);
+ untestedKey = loadKey(&certFile);
}
certFile.close();
// We allow the core to offer SSL anyway, so no "return false" here. Client will warn about the cert being invalid.
const QDateTime now = QDateTime::currentDateTime();
- if (now < untestedCert.effectiveDate())
+ if (now < untestedCert.effectiveDate()) {
quWarning() << "SslServer: Certificate won't be valid before" << untestedCert.effectiveDate().toString();
-
- else if (now > untestedCert.expiryDate())
+ }
+ else if (now > untestedCert.expiryDate()) {
quWarning() << "SslServer: Certificate expired on" << untestedCert.expiryDate().toString();
-
- else { // Qt4's isValid() checks for time range and blacklist; avoid a double warning, hence the else block
-#if QT_VERSION < 0x050000
- if (!untestedCert.isValid())
-#else
- if (untestedCert.isBlacklisted())
-#endif
- quWarning() << "SslServer: Certificate blacklisted";
}
+ else if (untestedCert.isBlacklisted()) {
+ quWarning() << "SslServer: Certificate blacklisted";
+ }
+
if (untestedKey.isNull()) {
quWarning() << "SslServer:" << qPrintable(keyPath) << "contains no key data";
return false;
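Review bot: The blacklist check is chained as `else if (untestedCert.isBlacklisted())`, so a certificate that is both out of its validity window and blacklisted is only ever reported as expired or not yet valid. The removed comment explained that the `else` existed because Qt4's `isValid()` covered both conditions; with only `isBlacklisted()` left, that reason no longer applies. Since the comment above the date check says the core offers SSL anyway, this log line is the only signal an operator gets, so I would make it an independent check: `if (untestedCert.isBlacklisted()) {`. The enclosing function starts and ends outside this hunk, so whether a blacklisted certificate is rejected further down is not visible here.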
}
+QSslKey SslServer::loadKey(QFile *keyFile)
+{
+ QSslKey key;
+ key = QSslKey(keyFile, QSsl::Rsa);
+ if (key.isNull()) {
+ if (!keyFile->reset()) {
+ quWarning() << "SslServer: IO error reading key file";
+ return key;
+ }
+ key = QSslKey(keyFile, QSsl::Ec);
+ }
+ return key;
+}
+
+
#endif // HAVE_SSL
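Review bot: `loadKey()` reads from the device's current position on the RSA attempt and only calls `reset()` before the EC retry, so it depends on the caller passing an open file positioned at the start, and nothing in the new code states that. This matters most at the `loadKey(&certFile)` call site, where the same file has presumably already been read for the certificate. I would add a comment above the function such as `// Tries RSA, then EC. keyFile must be open and positioned at the start; returns a null key if neither parses.` On the `reset()` failure path the caller's null-key check will also log "contains no key data", so one I/O error produces two warnings, the second of them misleading. As a style point, `QSslKey key; key = QSslKey(keyFile, QSsl::Rsa);` can be written as the direct initialization `QSslKey key(keyFile, QSsl::Rsa);`.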